Splunk Training
Splunk Certifications
Professional Services
Enterprise Training
Splunk Role-Based Learning Tracks
With such an extensive list of training available, some students don’t know where to start (or stop!). This is why we’ve put together Learning Paths designed to give students everything they need to become true subject matter experts in their desired field.
Splunk Learning Paths are based on Splunk products and persona. Learning Paths are not certification-focused, rather they focus on preparing employees for a particular job role. (For certifications, visit this page).
Do you have any questions about our Splunk training offerings? Simply let us know your requirements using our contact form or call us at +43 1 6000 880-0 and we will be happy to advise you!
Introductory Modules
Before starting any of the Role-Based Learning Tracks below, you should complete the following foundational e-learning modules:
- What is Splunk? (WIS) (free)
- Intro to Splunk (ITS) (free)
- Using Fields (Free) (SUFF) (free)
OR
- Using Fields (SUF) (includes hands-on labs)
Search Expert Role
The Search Expert learning path offers modules to teach you to write efficient searches, perform correlations, create visualizations, and leverage subsearches and lookups.
Before attending the Learning Path, please also complete the following free e-learning modules:
Full Package: Search Expert Learning Path (SE-RBLP)
Building on the introductory e-learning modules, this Learning Path contains the following modules:
- Working with Time (WWT)
- Statistical Processing (SSP)
- Comparing Values (SCV)
- Result Modification (SRM)
- Leveraging Lookups and Subsearches (LLS)
- Correlation Analysis (SCLAS)
- Search Under the Hood (SUH) (e-learning)
- Multivalue Fields (SMV)
- Search Optimization (SSO)
Knowledge Manager Role
The Knowledge Manager learning path modules teach you to create knowledge objects including lookups, data models, and different types of fields. In addition, you learn to build dashboards and add inputs for filtering.
Before attending the Learning Path, please also complete the following free e-learning module:
Full Package: Knowledge Manager Learning Path (KM-RBLP)
Building on the introductory e-learning modules, this Learning Path contains the following modules:
- Creating Knowledge Objects (CKO)
- Creating Field Extractions (CFE)
- Enriching Data with Lookups (EDL)
- Data Models (SDM)
- Introduction to Dashboards (ITD) (includes hands-on labs)
- Dynamic Dashboards (SDD)
- Using Choropleth (SUC)
- Search Optimization (SSO)
Data Science Analyst Role
The Data Science Analyst learning path modules teach you to write efficient and optimized searches to extract analytics from your data. It covers machine learning, transaction analysis and prediction. It also includes the modules to help build and use the knowledge objects including data models and lookups.
Before attending the Learning Path, please also complete the following free e-learning modules:
Full Package: Data Science Analyst Learning Path (DSA-RBLP)
Building on the introductory e-learning modules, this Learning Path contains the following modules:
- Working with Time (WWT)
- Statistical Processing (SSP)
- Comparing Values (SCV)
- Result Modification (SRM)
- Leveraging Lookups and Subsearches (LLS)
- Correlation Analysis (SCLAS)
- Search Under the Hood (SUH)
- Multivalue Fields (SMV)
- Intro to Knowledge Objects (IKO)
- Creating Field Extractions (CFE)
- Enriching Data with Lookups (EDL)
- Data Models (SDM)
- Introduction to Dashboards (ITD)
- Introduction to Dashboards (Free e-Learning) (ITDF)
- Dynamic Dashboards (SDD)
- Using Choropleth (SUC)
- Search Optimization (SSO)
- Splunk for Analytics and Data Science (SADS)
Splunk Cloud Administrator Role
The Splunk Cloud Administrator learning path offers modules for admins to manage data inputs and configurations in Splunk Cloud.
Before attending the Learning Path, please also complete the following free e-learning module:
Full Package: Cloud Administrator Learning Path (CA-RBLP)
Building on the introductory e-learning modules, this Learning Path contains the following modules:
- Creating Knowledge Objects (CKO)
- Creating Field Extractions (CFE)
- Enriching Data with Lookups (EDL)
- Data Models (SDM)
- Splunk Cloud Administration (SCA)
Note: The Splunk Cloud Administration (SCA) module above is for new administrators to Cloud.
If you are on-prem and migrating to Cloud and your admin previously attended System/Data Administration modules, we recommend the Transitioning to Splunk Cloud (TSC) module.
Splunk Enterprise Administrator Role
The Splunk Enterprise Administrator learning path teaches you the concepts, tasks, and best practices to install, configure, and manage your deployment, and learn to onboard varying data.
Before attending the Learning Path, please also complete the following free e-learning module:
Full Package: Splunk Enterprise Administrator Learning Path (EADM-RBLP)
Building on the introductory e-learning modules, this Learning Path contains the following modules:
- Creating Knowledge Objects (CKO)
- Creating Field Extractions (CFE)
- Enriching Data with Lookups (EDL)
- Data Models (SDM)
- Splunk Enterprise System Administration (SESA)
- Splunk Enterprise Data Administration (SEDA)
- Troubleshooting Splunk Enterprise (TSE)
- Splunk Cluster Administration (SCLA)
- Transitioning to Splunk Cloud (TSC)
- Implementing Splunk SmartStore (ISS)
- Working with Metrics in Splunk (WWMS)
- Implementing Splunk Data Stream Processor (DSP) (ISDSP)
Pro tip: Candidates who complete the learning path above and hold the Splunk Core Certified Power User certification are eligible for the Splunk Enterprise Certified Admin certification exam.
Splunk Enterprise Architect Role
The Splunk Enterprise Architect learning path teaches you concepts and best practices for sizing, scaling, and deploying Splunk across your organization.
Before attending the Learning Path, please also complete the following free e-learning module:
Full Package: Splunk Enterprise Architect Learning Path (EARCH-RBLP)
Building on the introductory e-learning modules, this Learning Path contains the following modules:
- Creating Knowledge Objects (CKO)
- Creating Field Extractions (CFE)
- Enriching Data with Lookups (EDL)
- Data Models (SDM)
- Splunk Enterprise System Administration (SESA)
- Splunk Enterprise Data Administration (SEDA)
- Troubleshooting Splunk Enterprise (TSE)
- Splunk Cluster Administration (SCLA)
- Architecting Splunk Enterprise Deployments (ASED)
- Splunk Deployment Practical Lab (SDPL)
As an alternative, we offer the following option:
Splunk Enterprise Architect Learning Path - Excluding Deployment Lab (EARCH-NODL-RBLP)
Pro tip: Candidates who complete the learning path above, the Splunk Deployment Practical Lab (SDPL), and hold the Splunk Enterprise Certified Admin certification are eligible for the Splunk Enterprise Certified Architect certification exam.
Splunk Enterprise Developer Role
The Splunk Enterprise Developer learning path teaches you how to harness the power of Splunk's Web Framework, create rich, interactive dashboards and forms, and package Splunk knowledge objects for distribution across your organization.
Before attending the Learning Path, please also complete the following free e-learning module:
Full Package: Enterprise Developer Learning Path (ED-RBLP)
Building on the introductory e-learning modules, this Learning Path contains the following modules:
- Working with Time (WWT)
- Statistical Processing (SSP)
- Leveraging Lookups and Subsearches (LLS)
- Intro to Knowledge Objects (IKO)
- Creating Knowledge Objects (CKO)
- Creating Field Extractions (CFE)
- Introduction to Dashboards (ITD)
- Introduction to Dashboards (Free e-Learning) (ITDF)
- Dynamic Dashboards (SDD)
- Advanced Dashboards & Visualizations with Splunk (ADVS)
- Splunk Enterprise System Administration (SESA)
- Splunk Enterprise Data Administration (SEDA)
- Building Splunk Apps (BAWS)
- Developing with Splunk's REST API (DSRAPI)
Pro tip: Candidates who complete the learning path above and hold either the Splunk Enterprise Certified Admin certification or the Splunk Cloud Certified Admin certification are eligible for the Splunk Certified Developer certification exam.
SOC Analyst (Enterprise Security) Role
The SOC Analyst learning path prepares security analysts to use Splunk Enterprise Security (ES) and Mission Control. Students will use ES to identify and track security incidents, analyze security risks, use predictive analytics, and threat discovery.
Before attending the Learning Path, please also complete the following free e-learning modules:
Full Package: SOC Analyst (Enterprise Security) Learning Path (SOCA-RBLP)
Building on the introductory e-learning modules, this Learning Path contains the following modules:
- Leveraging Lookups and Subsearches (LLS)
- Search Under the Hood (SUH)
- Intro to Knowledge Objects (IKO)
- Enriching Data with Lookups (EDL)
- Data Models (SDM)
- Introduction to Dashboards (ITD)
- Introduction to Dashboards (Free e-Learning) (ITDF)
- Using Splunk Enterprise Security (USES)
- Using Splunk Mission Control (USMC)
SOC Administrator (Enterprise Security) Cloud Role
The SOC Administrator learning path modules teach security admins to configure and manage Enterprise Security on Splunk Cloud.
Before attending the Learning Path, please also complete the following free e-learning modules:
Full Package: SOC Administrator (Enterprise Security) Cloud Learning Path (SOCADMC-RBLP)
Building on the introductory e-learning modules, this Learning Path contains the following modules:
- Leveraging Lookups and Subsearches (LLS)
- Search Under the Hood (SUH)
- Intro to Knowledge Objects (IKO)
- Creating Knowledge Objects (CKO)
- Creating Field Extractions (CFE)
- Enriching Data with Lookups (EDL)
- Data Models (SDM)
- Introduction to Dashboards (ITD)
- Introduction to Dashboards (Free e-Learning) (ITDF)
- Dynamic Dashboards (SDD)
- Splunk Cloud Administration (SCA)
- Administering Splunk Enterprise Security (ASES)
Pro tip: Candidates who complete the learning path above are eligible for the Splunk Enterprise Security Certified Admin certification exam.
SOC Administrator (Enterprise Security) On-Prem Role
The SOC Administrator learning path modules teach security admins to install, configure, and manage Enterprise Security on Splunk Enterprise.
Before attending the Learning Path, please also complete the following free e-learning modules:
Full Package: SOC Administrator (Enterprise Security) On-Prem Learning Path (SOCADMO-RBLP)
Building on the introductory e-learning modules, this Learning Path contains the following modules:
- Leveraging Lookups and Subsearches (LLS)
- Search Under the Hood (SUH)
- Intro to Knowledge Objects (IKO)
- Creating Knowledge Objects (CKO)
- Creating Field Extractions (CFE)
- Enriching Data with Lookups (EDL)
- Data Models (SDM)
- Introduction to Dashboards (ITD)
- Introduction to Dashboards (Free e-Learning) (ITDF)
- Dynamic Dashboards (SDD)
- Splunk Enterprise System Administration (SESA)
- Splunk Enterprise Data Administration (SEDA)
- Administering Splunk Enterprise Security (ASES)
Pro tip: Candidates who complete the learning path above are eligible for the Splunk Enterprise Security Certified Admin certification exam.
SOAR Administrator (Phantom) Role
The SOAR Administrator learning path teaches you how to install and configure SOAR, and achieve orchestration and automation tasks through SOAR playbook development.
Full Package: SOAR Administrator Learning Path (SOAR-RBLP)
This Learning Path contains the following modules:
- Administering SOAR (ASOAR)
- Developing SOAR Playbooks (DSOARP)
- Splunk Enterprise System Administration (SESA)
- Splunk Enterprise Data Administration (SEDA)
- Administering Splunk Enterprise Security (ASES)
- Advanced SOAR Implementation (ASOARI)
Pro tip: Candidates who complete the learning path above are eligible for the Splunk SOAR Certified Automation Developer certification exam.
IT Analyst (IT Service Intelligence) Role
The IT Analyst learning path teaches analysts to use Splunk IT Service Intelligence features, such as Service Analyzer, Notable Events Review, Glass Tables, Deep Dives, KPI Alerts and more.
Before attending the Learning Path, please also complete the following free e-learning modules:
Full Package: IT Analyst Learning Path (ITA-RBLP)
Building on the introductory e-learning modules, this Learning Path contains the following modules:
- Leveraging Lookups and Subsearches (LLS)
- Search Under the Hood (SUH)
- Intro to Knowledge Objects (IKO)
- Enriching Data with Lookups (EDL)
- Introduction to Dashboards (ITD)
- Introduction to Dashboards (Free e-Learning) (ITDF)
- Using Splunk IT Service Intelligence (USISI)
IT Administrator (IT Service Intelligence) Cloud Role
The IT Administrator learning path teaches admins to configure and manage Splunk for IT Service Intelligence (ITSI) on Splunk Cloud.
Before attending the Learning Path, please also complete the following free e-learning modules:
Full Package: IT Administrator (IT Service Intelligence) Cloud Learning Path (ITADMC-RBLP)
Building on the introductory e-learning modules, this Learning Path contains the following modules:
- Working with Time (WWT)
- Leveraging Lookups and Subsearches (LLS)
- Correlation Analysis (SCLAS)
- Search Under the Hood (SUH)
- Intro to Knowledge Objects (IKO)
- Creating Knowledge Objects (CKO)
- Creating Field Extractions (CFE)
- Enriching Data with Lookups (EDL)
- Data Models (SDM)
- Introduction to Dashboards (ITD)
- Introduction to Dashboards (Free e-Learning) (ITDF)
- Dynamic Dashboards (SDD)
- Search Optimization (SSO)
- Splunk Cloud Administration (SCA)
- Implementing IT Service Intelligence (ISI)
Pro tip: Candidates who complete the learning path above are eligible for the Splunk IT Service Intelligence Certified Admin certification exam.
IT Administrator (IT Service Intelligence) On-Prem Role
The IT Administrator learning path teaches admins to install, configure, and manage Splunk for IT Service Intelligence (ITSI) on Splunk Enterprise.
Before attending the Learning Path, please also complete the following free e-learning modules:
Full Package: IT Administrator (IT Service Intelligence) On-Prem Learning Path (ITADMO-RBLP)
Building on the introductory e-learning modules, this Learning Path contains the following modules:
- Working with Time (WWT)
- Leveraging Lookups and Subsearches (LLS)
- Correlation Analysis (SCLAS)
- Search Under the Hood (SUH)
- Intro to Knowledge Objects (IKO)
- Creating Knowledge Objects (CKO)
- Creating Field Extractions (CFE)
- Enriching Data with Lookups (EDL)
- Data Models (SDM)
- Introduction to Dashboards (ITD)
- Introduction to Dashboards (Free e-Learning) (ITDF)
- Dynamic Dashboards (SDD)
- Search Optimization (SSO)
- Splunk Enterprise System Administration (SESA)
- Splunk Enterprise Data Administration (SEDA)
- Implementing IT Service Intelligence (ISI)
Pro tip: Candidates who complete the learning path above are eligible for the Splunk IT Service Intelligence Certified Admin certification exam.
Splunk Observability Role
The Observability learning path for Site Reliability Engineer (SRE), DevOps and Developer includes individual modules that teach the core skills on Infrastructure Monitoring, Application Performance Management, Log Observer, Synthetics, Real User Monitoring and On-Call.
Before attending the Learning Path, please also complete the following free e-learning modules:
Choose Your Focus:
Splunk Observability (Developers) Learning Path (SO-DEV-RBLP)
Splunk Observability (DevOps) Learning Path (SO-DEVOPS-RBLP)
Splunk Observability (Site Reliability Engineer) Learning Path (SO-SRE-RBLP)
Building on the introductory e-learning modules, these Learning Paths contain the following modules:
- Splunk Infrastructure Monitoring Fundamentals (SIMF)
- Visualizing and Alerting in Splunk Infrastructure Monitoring (VASIM)
- Automation Using the REST and SignalFlow APIs (AURSAPI)
- Using the Splunk IM Terraform Provider (USIMTP)
- Kubernetes Monitoring with Splunk IM (KMWS)
- Ingesting Application Metrics in Splunk IM (IAMSIM)
- Splunk Observability Cloud: Teams (SOCT)
- Splunk Observability Cloud: Enterprise Features (SOCEF)
- Using the Splunk Log Observer (USLO)
- Using Splunk Synthetic Monitoring (USSM)
- Using Splunk Application Performance Monitoring (USAPM)
- Splunk On-Call Administration (SOCA)
- Instrumenting Applications for Splunk APM (IASAPM)
- Using Splunk Real User Monitoring (RUM) (USRUM)
- Responding to Incidents in Splunk On-Call (IRSOC)
All Splunk Training Modules
Short chunks of training material, bookable as individual modules.
- Administering Splunk Enterprise Security (ASES)
- Administering SOAR (ASOAR)
- Advanced Dashboards & Visualizations with Splunk (ADVS)
- Advanced SOAR Implementation (ASOARI)
- Architecting Splunk Enterprise Deployments (ASED)
- Automation Using the REST and SignalFlow APIs (AURSAPI)
- Building Splunk Apps (BAWS)
- Comparing Values (SCV)
- Correlation Analysis (SCLAS)
- Creating Field Extractions (CFE)
- Creating Knowledge Objects (CKO)
- Creating Maps (SCM)
- Data Models (SDM)
- Developing SOAR Playbooks (DSOARP)
- Developing with Splunk's REST API (DSRAPI)
- Dynamic Dashboards (SDD)
- Enriching Data with Lookups (EDL)
- Implementing IT Service Intelligence (ISI)
- Implementing Splunk Data Stream Processor (DSP) (ISDSP)
- Implementing Splunk SmartStore (ISS)
- Ingesting Application Metrics in Splunk IM (IAMSIM)
- Manuel Instrumentation with Splunk APM (IASAPM)
- Introduction to Dashboards (ITD)
- Introduction to Dashboards (Free e-Learning) (ITDF)
- Intro to Knowledge Objects (IKO)
- Intro to Splunk (ITS)
- Introduction to Splunk IM (eLearning) (ISIM)
- Introduction to Splunk Observability (eLearning) (ISO)
- Kubernetes Monitoring with Splunk Observability Cloud (KMWS)
- Leveraging Lookups and Subsearches (LLS)
- Multivalue Fields (SMV)
- Responding to Incidents in Splunk On-Call (IRSOC)
- Result Modification (SRM)
- Scheduling Reports & Alerts (SRA)
- Search Optimization (SSO)
- Search Under the Hood (SUH)
- Services Core Implementation (SCI)
- Splunk Cloud Administration (SCA)
- Splunk Cluster Administration (SCLA)
- Splunk Deployment Practical Lab (SDPL)
- Splunk Enterprise Data Administration (SEDA)
- Splunk Enterprise System Administration (SESA)
- Splunk Foundation Fast Start (SF-FS)
- Splunk Infrastructure Monitoring Fundamentals (SIMF)
- Splunk Observability Cloud: Enterprise Features (SOCEF)
- Splunk for Analytics and Data Science (SADS)
- Splunk Observability Cloud: Teams (SOCT)
- Splunk On-Call Administration (SOCA)
- Statistical Processing (SSP)
- Transitioning to Splunk Cloud (TSC)
- Troubleshooting Splunk Enterprise (TSE)
- Using Choropleth (SUC)
- Using Fields (SUF)
- Using Fields (Free) (SUFF)
- Using Splunk Application Performance Monitoring (USAPM)
- Using Splunk Enterprise Security (USES)
- Using the Splunk IM Terraform Provider (USIMTP)
- Using Splunk Infrastructure Monitoring (USIM)
- Using Splunk IT Service Intelligence (USISI)
- Using the Splunk Log Observer (USLO)
- Using Splunk Mission Control (USMC)
- Using Splunk Real User Monitoring (RUM) (USRUM)
- Using Splunk Synthetic Monitoring (USSM)
- Visualizations (SVZ)
- Visualizing and Alerting in Splunk Infrastructure Monitoring (VASIM)
- What is Splunk? (WIS)
- Working with Metrics in Splunk (WWMS)
- Working with Time (WWT)